ruby-on-railsnginxamazon-s3proxypassx-accel-redirect

Nginx pass upstream headers to the remote request


This question is similar to this one but doing x-accel-redirect on aws s3 resource. The former tried to set the upstream headers to the local request. This works fine. But now i have moved my contents to the amazon s3 and i wanted to implement the same restricted download to the s3 objects.

This is my nginx config

proxy_pass_header X-Accel-Redirect;
passenger_pass_header X-Accel-Redirect;

location ~* ^/download_zip/(.*) {
    internal;
    resolver 8.8.8.8 valid=300s;



    proxy_buffering off;
    proxy_set_header Content-Length ""; 
    proxy_set_header Cookie ""; 

    proxy_hide_header x-amz-request-id;
    proxy_hide_header x-amz-meta-uid;
    proxy_hide_header x-amz-id-2;
    proxy_hide_header x-amz-meta-mode;
    proxy_hide_header x-amz-meta-mtime;
    proxy_hide_header x-amz-meta-gid;
    proxy_hide_header x-amz-version-id;
    proxy_hide_header accept-ranges;

    # Do not touch local disks when proxying
    # content to clients
    proxy_method GET;
    proxy_pass_request_body off;
    proxy_max_temp_file_size 0;

    proxy_pass_header Content-MD5;
    add_header Content-MD5 $upstream_http_content_md5; 

   #  proxy_set_header Content-MD5 "123123123123123";


     proxy_pass https://a_b_c_assets.s3-east.amazonaws.com/$1$is_args$args; 


     }

and the rails part is

headers['X-Accel-Redirect'] = '/download_zip/uploads/' + params[:story_id] +'/' +    params[:story_id] + '.zip?' + secure_part
headers['X-Accel-Expires'] = 'max'
headers['Content-MD5'] = checksum

Everything works fine except the Content-MD5 is not passed to the proxied request.

Any help is really appreciated.

Another similar question here


Solution

  • proxy_pass_header X-Accel-Redirect;
    passenger_pass_header X-Accel-Redirect;
    
    # this is intermediate location that stores header
    # to variable and rewrites to another location
    location ^~ /download_zip/ {
        internal;
        set $Content_MD5 $upstream_http_content_md5;
        rewrite ^/(.+) /amazon_$1;
    }
    
    location ^~ /amazon_download_zip/ {
        internal;
        resolver 8.8.8.8 valid=300s;
    
        proxy_buffering off;
        proxy_set_header Content-Length ""; 
        proxy_set_header Cookie ""; 
    
        proxy_hide_header x-amz-request-id;
        proxy_hide_header x-amz-meta-uid;
        proxy_hide_header x-amz-id-2;
        proxy_hide_header x-amz-meta-mode;
        proxy_hide_header x-amz-meta-mtime;
        proxy_hide_header x-amz-meta-gid;
        proxy_hide_header x-amz-version-id;
        proxy_hide_header accept-ranges;
    
        # Do not touch local disks when proxying
        # content to clients
        proxy_method GET;
        proxy_pass_request_body off;
        proxy_max_temp_file_size 0;
    
        proxy_pass_header Content-MD5;
        add_header Content-MD5 $Content_MD5; 
    
        proxy_pass https://a_b_c_assets.s3-east.amazonaws.com/;
    }